
DEFCON 23 – LTE Recon and Tracking with RTLSDR

Back on Dec 5 we posted about some Defcon 23 talks that were released from the Wireless Village set of talks. Recently some more talks from other tracks have been released and one of interest to our blog is the talk by Ian Kline titled “LTE Recon and Tracking with RTLSDR”. The talk’s blurb reads:

Since RTLSDR became a consumer grade RX device, numerous talks and open source tools enabled the community to monitor airplanes, ships, and cars… but come on, what we really want to track are cell phones. If you know how to run cmake and have $50 to pick up an RTLSDR-E4000, I’ll make sure you walk out of here with the power to monitor LTE devices around you on a slick Kibana4 dashboard. You’ll also get a primer on geolocating the devices if you’ve got a second E4000 and some basic soldering skills.

Video: DEF CON 23 - Ian Kline - LTE Recon and Tracking with RTLSDR

Analyzing TD-LTE with the RTL-SDR

TD-LTE (Time Division Long Term Evolution) is a mobile phone standard. It is one of the two variants of LTE technology, the other being FD-LTE (Frequency Division LTE).

In China, where TD-LTE is commonly used, Jiao Xianjun found that the existing LTE-Cell-Scanner Linux program did not support TD-LTE, so he created a fork that does. LTE-Cell-Scanner decodes LTE cell tower data, which contains information such as the cell ID, transmit frequency and transmit strength. Using his modified LTE-Cell-Scanner, some MATLAB scripts he wrote and an RTL-SDR, Jiao was able to decode the cell information from 10 TD-LTE signals and 2 FD-LTE signals. He has also uploaded a video showing this.

Video: TD-LTE, LTE FDD, scanning/demodulation results in Beijing, China